The purpose of this page is to describe how to create the necessary infrastructure to deploy Vectice on a Kubernetes cluster in AWS, followed by instructions to deploy the Vectice software
1. Understanding prerequisites
Infrastructure requirements
#
Requirement
Notes or Details
Note: Within the same VPC
1
Security Groups
Port 443 (HTTPS)
3128 Outbound (pip install)
SMTP Port (e.g 2525)
2
Kubernetes Cluster
v1.16+ deployed
2 nodes with t3.xlarge
3
S3 Bucket
In the same region
4
Managed PostgreSQL
13.x RDS instance
Other requirements
#
Requirement
Notes or Details
5
Domain Name
Example: https://vectice.my-company.com
6
SSL Certificate
Must be associated with the domain name above
Self-signed certificates are not recommended
Deployment environment with the following tools:
7
Helm v3
8
Kubectl
9
AWS CLI
10
Eksctl
11
Openssl
2. How to provision the infrastructure
You have two ways to create the infrastructure necessary for running Vectice.
Provisioning via Terraform (with Terragrunt Wrapper)
Expected Time: 40 minutes
Steps:
Provisioning via AWS console
Expected Time: 2 hours
Steps:
Create a VPC, or reuse an existing one
3. How to deploy the Vectice application
The provisioning of Vectice on Kubernetes will happen in 6 steps:
Step 1: Connect to the cluster and create the Vectice namespace
First, define the variables for the next steps and retrieve connections from your deployment machine. Below, sample values are provided between brackets:
2023-10-31 18:58:05 [βΉ] 1 iamserviceaccount (kube-system/aws-load-balancer-controller) was included (based on the include/exclude rules)
2023-10-31 18:58:06 [βΉ] 1 task: {
2 sequential sub-tasks: {
delete IAM role for serviceaccount "kube-system/aws-load-balancer-controller" [async],
delete serviceaccount "kube-system/aws-load-balancer-controller",
} }2023-10-31 18:58:06 [βΉ] will delete stack "eksctl-vectice-cluster-addon-iamserviceaccount-kube-sy
And recreate it with the create command previously given.
Next, install the load balancer with Helm, then add the Helm repository to the repository list:
kubectl --context $CONTEXT get deployment -n kube-system aws-load-balancer-controller
The expected output should look like this:
NAME READY UP-TO-DATE AVAILABLE AGE
aws-load-balancer-controller 2/2 2 2 84s
Step 3: Create PostgreSQL databases
Run commands to create the databases βvecticeβ and βkeycloak.β Once itβs done, the temporary deployment can be deleted.
Step 4: Install the Cert Manager
Next, install the cert-manager and cert-manager-csi-driver applications on the cluster.
Cert-manager is used to implement SSL for internal communication between Vectice pods, Cert-manager-csi-driver will attach a csi volume containing the certificates to the Vectice pods
Step 5: Create Secrets for Ingress and Docker image retriever
First, create a self-signed certificate using the following command, replacing the item highlighted with your own Common Name (CN). Below are sample values:
From the package your account team provided, untar helm vectice chart and create myvalues.yml from values.yml file. Below, sample values are provided between brackets:
VERSION=<241.1.0>
tar -xvf vectice-$VERSION.tgz
cd vectice-$VERSION
cp values.yaml myvalues.yaml
Next, fill in the values in myvalues.yaml according to your environment deployment, and deploy Vectice global objects using Helm:
Complete instructions, including the Terraform script, are found in the package your Vectice account team provided you. Contact if you require assistance.
PostgreSQL Instance creation, see
IAM roles and Bucket creation, see
Kubernetes cluster creation, see
Tag the VPC subnets for the Load Balancer, see
: Connect to the cluster and create the Vectice namespace
: Install the AWS Application Load Balancer (ALB)
: Create PostgreSQL databases
: Install the Cert Manager
: Create secrets for Ingress and Docker image retriever
: Install the Vectice stack
For any questions or assistance with deployment, please reach out to
For further reference please see the
Follow the instructions in to create the databases on the RDS instance. This creates a temporary deployment, connecting to a Kubernetes pod with PSQL installed.
To deploy the software, you can retrieve the necessary Docker images directly from the Vectice Registry. Alternatively, if you prefer, we can provide the images via an alternative delivery method that would be defined together.
If your Kubernetes cluster is configured to pull images directly from the Vectice Registry, navigate to the location of the βvectice-image-puller.jsonβ file. This is found in the package your Vectice account team provided you. Contact if you require assistance. Use this file to create the secret that will be used to pull the docker images from the Vectice GAR registry.
Please refer to the and comments inside the file myvalues.yaml to customize values.
